DTLS Handshake State Machine
// OpenSSL DTLS handshake state transition diagram
//
// Edit this file with Visual Studio Code.
// After installing the "Graphviz Interactive Preview" extension, use the shortcut Ctrl+Shift+V
digraph top {
    //rankdir = LR; // LR draws the graph horizontally; by default it is drawn vertically
    size = "20";
    compound = true;
    margin = "20,20";
    ranksep = 0.2;
    penwidth = 0.5;

    // Server state machine
    subgraph cluster_server {
        margin="10,10"
        labeljust="left"
        label = "Server state machine"
        style=filled
        fillcolor=gray95
        node [shape = doublecircle]; "DTLS server initial state" TLS_ST_OK_ "Preparing to re-handshake_";
        node [shape = circle];
        "DTLS server initial state" -> 20 [ label = "Received Client Hello" ];
        20 -> 21 [ label = "Send Hello Verify packet" ];
        21 -> 20 [ label = "Received ClientHello packet with cookie" ];
        20 -> 22 [ label = "Cookie verified\nSend Server Hello packet" ];
        22 -> 23 [ label = "Send Certificate\nserver certificate packet" ];
        23 -> 34 [ label = "Send Server Certificate Status packet" ];
        23 -> 24 [ label = "Send Server Key Exchange packet" ];
        34 -> 24 [ label = "Send Server Key Exchange packet" ];
        24 -> 26 [ label = "Send Server Hello Done\n(one-way authentication allowed)" ];
        24 -> 25 [ label = "Send Certificate Request\n(mutual authentication enforced)" ];
        25 -> 26 [ label = "Send Server Hello Done packet" ];
        26 -> 27 [ label = "Received the client's Certificate packet" ];
        27 -> 28 [ label = "Received Client Key Exchange" ];
        28 -> 31 [ label = "Received Change Cipher Spec" ];
        28 -> 29 [ label = "Received Certificate Verify packet\n(mutual certificate authentication)" ];
        29 -> 31 [ label = "Received Change Cipher Spec" ];
        31 -> 32 [ label = "Received Client Finished" ];
        32 -> 35 [ label = "Send Change Cipher Spec packet" ];
        32 -> 33 [ label = "Send New Session Ticket packet" ];
        33 -> 35 [ label = "Send Change Cipher Spec packet" ];
        35 -> 36 [ label = "Send Server Finished packet" ];
        36 -> TLS_ST_OK_ [ label = "Handshake complete" ];
        TLS_ST_OK_ -> "Preparing to re-handshake_" [ label = "Send Hello Request\n(re-handshake request)" ];
        "Preparing to re-handshake_" -> TLS_ST_OK_ [ label = "Client is allowed not to respond to the re-handshake request" ];
        "Preparing to re-handshake_" -> 20 [ label = "<=Forced re-handshake\nWaiting for Client Hello" ];
    }

    // Client state machine
    subgraph cluster_client {
        margin="20,20";
        labeljust="left";
        label = "Client state machine";
        style=filled;
        fillcolor=gray95
        node [shape = doublecircle]; "DTLS client initial state" TLS_ST_OK "Preparing to re-handshake";
        node [shape = circle];
        "DTLS client initial state" -> 12 [ label = "Send Client Hello packet" ];
        12 -> 2 [ label = "Received Hello Verify\n(contains the cookie issued by the peer)" ];
        2 -> 12 [ label = "Send ClientHello packet with cookie" ];
        12 -> 3 [ label = "Received Server Hello" ];
        3 -> 4 [ label = "Received Certificate\n(server certificate)" ];
        4 -> 6 [ label = "Received Server Key Exchange" ];
        4 -> 5 [ label = "Received Server Certificate Status" ];
        5 -> 6 [ label = "Received Server Key Exchange" ];
        6 -> 8 [ label = "Received Server Hello Done\n(mutual authentication not enforced)" ];
        6 -> 7 [ label = "Received Certificate Request\n(mutual authentication enforced)" ];
        7 -> 8 [ label = "Received Server Hello Done" ];
        8 -> 13 [ label = "Client sends Certificate packet" ];
        13 -> 14 [ label = "Send Client Key Exchange packet" ];
        14 -> 16 [ label = "Send Change Cipher Spec packet\n(one-way certificate authentication allowed)" ];
        14 -> 15 [ label = "Send Certificate Verify packet\n(mutual certificate authentication)" ];
        15 -> 16 [ label = "Send Change Cipher Spec packet" ];
        16 -> 18 [ label = "Send Client Finished packet" ];
        18 -> 10 [ label = "Received Change Cipher Spec" ];
        18 -> 9 [ label = "Received New Session Ticket" ];
        9 -> 10 [ label = "Received Change Cipher Spec" ];
        10 -> 11 [ label = "Received Server Finished" ];
        11 -> TLS_ST_OK [ label = "Handshake complete" ];
        TLS_ST_OK -> "Preparing to re-handshake" [ label = "Received Hello Request" ];
        "Preparing to re-handshake" -> TLS_ST_OK [ label = "Ignore the re-handshake request" ];
        "Preparing to re-handshake" -> 12 [ label = "<=Perform re-handshake, send Client Hello packet" ];
    }
}
...
// Client initial state
"DTLS server initial state" -> TLS_ST_CW_CLNT_HELLO [ label = "Create the Client Hello packet and send it" ];
// TLS_ST_CW_CLNT_HELLO -> HELLO_VERIFY_REQUEST [ label = "Received Hello Verify packet" ];
// HELLO_VERIFY_REQUEST -> TLS_ST_CW_CLNT_HELLO [ label = "Extract the cookie from the Hello Verify packet" ];
// TLS_ST_CW_CLNT_HELLO -> TLS_ST_CR_SRVR_HELLO [ label = "..." ];
// TLS_ST_CR_SRVR_HELLO -> TLS_ST_CR_CERT [ label = "..." ];
// TLS_ST_CR_CERT -> TLS_ST_CR_CERT_STATUS [ label = "..." ];
// TLS_ST_CR_CERT_STATUS -> TLS_ST_CR_KEY_EXCH [ label = "..." ];
// TLS_ST_CR_CERT -> TLS_ST_CR_KEY_EXCH [ label = "..." ];
// TLS_ST_CR_KEY_EXCH -> TLS_ST_CR_CERT_REQ [ label = "..." ];
// TLS_ST_CR_CERT_REQ -> TLS_ST_CR_SRVR_DONE [ label = "..." ];
// TLS_ST_CR_SRVR_DONE -> TLS_ST_CW_CERT [ label = "Server enforces mutual TLS" ];
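The server state machine in the diagram source above can be turned into a transition table and used to check a recorded sequence of handshake states, flagging the first step that skips part of the handshake. This is an added example, not code from the original page or from OpenSSL; `ST_INIT`, `ST_OK` and `ST_RENEG` are constructed stand-ins for the three named server nodes, and the rule that Certificate Verify must follow a Certificate Request is an assumed policy that the diagram itself does not encode.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the diagram's three named server nodes; all
 * other states use the node numbers from the diagram. */
enum { ST_INIT = 100, ST_OK = 101, ST_RENEG = 102 };

/* Every edge of the server cluster in the diagram. */
static const struct edge { int from, to; } server_edges[] = {
    {ST_INIT, 20}, {20, 21}, {21, 20}, {20, 22}, {22, 23}, {23, 34},
    {23, 24}, {34, 24}, {24, 26}, {24, 25}, {25, 26}, {26, 27},
    {27, 28}, {28, 31}, {28, 29}, {29, 31}, {31, 32}, {32, 35},
    {32, 33}, {33, 35}, {35, 36}, {36, ST_OK}, {ST_OK, ST_RENEG},
    {ST_RENEG, ST_OK}, {ST_RENEG, 20},
};

static int edge_allowed(int from, int to)
{
    for (size_t i = 0; i < sizeof server_edges / sizeof server_edges[0]; i++)
        if (server_edges[i].from == from && server_edges[i].to == to)
            return 1;
    return 0;
}

/* Returns -1 if the trace is acceptable, else the index of the first
 * offending state. Assumed policy (not in the diagram, which allows
 * 28 -> 31 either way): once Certificate Request (25) has been sent, Change
 * Cipher Spec (31) is accepted only after Certificate Verify (29). */
int first_bad_transition(const int *trace, size_t len)
{
    int need_verify = 0;
    if (len == 0 || trace[0] != ST_INIT)
        return 0;
    for (size_t i = 1; i < len; i++) {
        if (trace[i] == 25) need_verify = 1;
        if (trace[i] == 29) need_verify = 0;
        if (!edge_allowed(trace[i - 1], trace[i]) ||
            (trace[i] == 31 && need_verify))
            return (int)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed trace: Certificate Request sent, no Certificate Verify. */
    const int t[] = { ST_INIT, 20, 22, 23, 24, 25, 26, 27, 28, 31 };
    printf("first bad index: %d\n", first_bad_transition(t, sizeof t / sizeof t[0]));
    return 0;
}
```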
Summary